Linux

Ubuntu: X11 forwarding to view GUI applications running on server hosts

Although server hosts typically have no graphical desktop and only serve console-based clients, these machines still have the ability to serve a GUI display screen to a remote desktop if necessary. The X11 protocol makes it possible to send the graphical display to a remote graphical desktop. Beyond the ability to run GUI utilities on

Ubuntu: Customizing and repacking a deb file

Although there are utilities such as dpkg-deb for managing .deb packages, they can also be manipulated by the standard set of archival utilities: tar, ar, and gzip. This article will lead you through extracting the contents of a .deb file, making modifications to the installation scripts and default configuration files, then repackaging.

Linux: Excluding directories when using zip

If you are using zip and find yourself needing to exclude a directory (.git, build, etc), the “-x” exclude switch can provide that functionality. Take the following directory structure:

    $ find .
    .
    ./two.txt
    ./skipme
    ./skipme/three.txt
    ./one.txt

You can exclude the entire ‘skipme’ folder and everything in it with:

    zip -r myzip.zip * -x skipme/*

Ubuntu: Gathering hardware and BIOS details

Whether you need to flash the BIOS or check hardware compatibility for a virtualization engine, it is often necessary to gather details on your current hardware, BIOS, and CPU/DRAM feature set. In this article I’ll provide a starting list of commands you can use to gather this information.

iptables: Running service as non-root, iptables to forward from privileged port

There are multiple approaches to allowing a process to run as a non-root user but still provide access to privileged ports (<1024). There are applications like Apache that handle this by starting the master process as root, and then worker processes as a less privileged user. Another way is setting the privilege on a binary

Vagrant: Fixing “error while downloading the metadata for this box”

If you see the message, “There was an error while downloading the metadata for this box”, with a 404 not found return message when doing a box update – make sure to check the URL listed in the Vagrant “metadata_url” files. For example, the “atlas.hashicorp.com” host has been deprecated in favor of “vagrantcloud.com” for some

KVM: Alternate firmware BIOS for KVM

By default, KVM will use an older SeaBIOS x86 firmware for your virtual machines. If you want to use a more recent version of SeaBIOS or want to drop the older BIOS standard and instead use the newer UEFI specification (Unified Extensible Firmware Interface), KVM can support that with configuration changes. In this article, I

Docker: Using docker-compose to link a MongoDB server and client

Docker Compose gives us the ability to define and orchestrate multiple containers in order to construct a service. In this article, we will use Docker Compose to create a MongoDB server and then another container that is used exclusively as a MongoDB client. While it is entirely possible to manually create these containers, links, and

MongoDB: Installing a MongoDB client on Ubuntu

In order to communicate with MongoDB using its default TCP protocol on port 27017, you will need a MongoDB client.  There are many language bindings available, but in this article we’ll focus on the client available from the “mongodb-org-shell” Debian package.

Docker: Base image when deploying a GoLang binary in a container

Update Oct 2020: multi-stage builds now provide a standard way to leverage a fat build image, while allowing your published image to remain small. This article is still useful for comparing base image sizes. GoLang applications are a great architectural fit for a Docker container because of their single binary executable. But you need to

Ubuntu: Resizing Nautilus window after it has been maximized

If you have issues with the Nautilus default file browser window not being resizable after it has been maximized, first try holding down “alt” while holding down the mouse button and dragging inside the window. If that does not work, you can use “wmctrl” from the console to fix the issue.

Java: Spring Boot application as a service using SysV on Ubuntu 14.04

Although in modern architectures you typically see Spring Boot executable jars running as the primary process of a container, there are still many deployment scenarios where running the jar as a service at boot time is required. With Ubuntu 14.04, we can use SysV to run a Spring Boot application at boot time. This will

Java: Spring Boot application as a service using systemd on Ubuntu 16.04

Although in modern architectures you typically see Spring Boot executable jars running as the primary process of a container, there are still many deployment scenarios where running the jar as a service at boot time is required. With Ubuntu 16.04, we can use the built-in systemd supervisor to run a Spring Boot application at boot

ELK: Installing Logstash on Ubuntu 16.04

Logstash provides a powerful mechanism for listening to various input sources, filtering and extracting the fields, and then sending events to a persistence store like ElasticSearch. Installing Logstash on Ubuntu is well documented, so in this article I will focus on Ubuntu specific steps required for Logstash 6.x on Ubuntu 16.04.

Ubuntu: Creating a self-signed SAN certificate using OpenSSL

There are numerous articles I’ve written where a certificate is a prerequisite for deploying a piece of infrastructure. This article will guide you through generating a self-signed certificate with SAN (Subject Alternative Name) and SAN wildcard entries, replacing the deprecated usage of CN=<FQDN>. In addition to the operational benefits of managing SAN, it is also

Ubuntu: Creating a trusted CA and SAN certificate using OpenSSL

There are numerous articles I’ve written where a certificate is a prerequisite for deploying a piece of infrastructure. This article will guide you through creating a trusted CA (Certificate Authority), and then using that to sign a server certificate that supports SAN (Subject Alternative Name). Operationally, having your own trusted CA is advantageous over a

Postfix: Forcing a reprocess of the pending queue

Postfix is an open source mail transfer agent. If communication with the upstream mail relay is disrupted, email will build up in the pending mail queue until the root cause is resolved.

Ubuntu: Testing the official released kernel patches for Meltdown CVE-2017-5754

The Meltdown vulnerability affects Intel and some ARM (but not AMD) processor chips and can allow unprivileged access to memory in the kernel and other processes. Canonical has committed to kernel patches to address this issue and they are now available from both the updates and security official Ubuntu repositories. In this article, I’ll step through patching an

Ubuntu: Testing the first candidate kernel patches for Meltdown CVE-2017-5754

The Meltdown vulnerability affects Intel and some ARM (but not AMD) processor chips and can allow unprivileged access to memory in the kernel and other processes. Canonical has committed to kernel patches to address this issue by January 9, 2018 and the first candidate kernel patches have now been released for Xenial and Trusty LTS. UPDATE Jan 11

Ubuntu: Testing the KAISER kernel patch for Meltdown CVE-2017-5754

The Meltdown vulnerability affects Intel and some ARM (but not AMD) processor chips and can allow unprivileged access to memory in the kernel and other processes. Canonical has committed to kernel patches to address this issue by January 9, 2018. A paper coming out of Graz University of Technology in Austria and written by Daniel Gruss, Moritz Lipp, Michael

Ubuntu: Determine system vulnerability for Meltdown CVE-2017-5754

The Meltdown vulnerability affects Intel and some ARM (but not AMD) processor chips and can allow unprivileged access to memory in the kernel and other processes. Canonical has committed to kernel patches to address this issue by January 9, 2018. If you need to check your system, or perhaps have already patched your systems but want to

Ubuntu: Determine system vulnerability for Spectre CVE-2017-5715 CVE-2017-5753

The Spectre vulnerability affects Intel, AMD, and ARM processor chips (each to various degrees) and can allow unprivileged access to memory in the kernel and other processes. Canonical has committed to kernel patches to address this issue by January 9, 2018. If you need to check your system, or perhaps have already patched your systems

HAProxy: Zero downtime reloads with HAProxy 1.8 on Ubuntu 16.04 with Systemd

This article has been updated in October 2018 and is now tested for HAProxy 1.8.14. The reload functionality in HAProxy till now has always been “not perfect but good enough”, perhaps dropping a few connections under heavy load but within parameters everyone was willing to accept. And because of the potential impact, a reload was

HAProxy: Zero downtime reloads with HAProxy 1.8 on Ubuntu 14.04

This article has been updated in October 2018 and is now tested for HAProxy 1.8.14. The reload functionality in HAProxy till now has always been “not perfect but good enough”, perhaps dropping a few connections under heavy load but within parameters everyone was willing to accept. And because of the potential impact, a reload was